Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Digital Transformation Security Threats will Dominate in 2021
By Shai Morag, CEO, Ermetic
COVID-19 has made 2020 one of the most
challenging years on record for everyone, including the security industry.
Despite the challenges, the past 12 months have opened up new opportunities and
disrupted some long held perceptions about work from home, face to face
meetings and more. Here are my security predictions for 2021.
There will be a phased shift in the way
organizations enable and secure remote workers. In 2020 companies were
generally putting out fires, since they
were completely unprepared for the speed and scale at which they needed to
provide security for a 100 percent remote workforce. Now that the basics have
been addressed and organizations understand that remote work is here to stay,
the focus next year will be on implementing new security controls that provide
a user experience similar to being "in the office" and improves both efficiency
and team collaboration. And no less important, organizations will look for
solutions that are easily managed by a remote IT organization. For example, I
predict that organizations will continue to switch to SaaS applications
wherever possible, and accelerate the migration of private applications to the
cloud. They will look to replace slow, legacy VPN connections to the corporate
network with identity-centric or zero-trust solutions.
Since remote work will continue to be the rule
and not the exception in 2021 and beyond, network and the endpoint security
will largely remain beyond the control of organizations. As a result,
identity-centric security will top the list of enterprise priorities next year.
In order to protect assets, regardless of whether they are in the cloud or
on-premises, organizations will focus on
securing the people, machines and services who access them. This is the only
security model that makes sense right now.
Many business transactions will remain virtual
now that organizations have realized it is possible to establish trust without
meeting in person. This will force organizations to implement new security
controls around external business processes such as digital contracts and
signatures, improved governance of file sharing and storage, and deeper control
over access entitlements to enterprise data.
Large security conferences will cease to
exist. Many organizations had serious doubts about their efficacy before COVID,
and now a year without them will prove that they are no longer worth the
expense. Small, focused security events are going to be the first to rebound,
especially ones that can be delivered regionally.
Finally, on the innovation front we can expect
to see more repeat entrepreneurs get funding for their security start-ups in
2021 than first time company founders. Since the pandemic has created economic
uncertainty investors will prefer to finance companies that are led by founders
with an established track record of success. Along these lines, there will be
more large investments in successful growth-stage security companies than
startups in 2021.
2021 will continue a major trend that was
accelerated by the COVID-19 pandemic, the digital transformation of companies
in virtually every industry. Being forced to transform business processes on
the fly to accommodate work from home mandates has removed many of the
barriers, real or perceived, organizations had towards moving to the cloud.
With more and more applications and data
center infrastructure moving off-premises, companies will need to adapt their
security models accordingly. Since the cloud uses a shared security model, with
service providers owing infrastructure protection and cloud user organizations
being responsible for access and data security, companies will need to
implement new controls and acquire new skills for managing them.
It will be important for companies to
understand the limitations of native security tools offered by cloud service
providers, especially when it comes to identity, access and entitlements
management. Solving these problems on-premises is already fraught with
complexity, and the scale of the cloud only makes them more challenging to
control. Organizations should look to leading research firms like Gartner and
Forrester for insights into security alternatives that are built for the
cloud.
##
About the Author
Shai
Morag is CEO of cloud identity and access security provider Ermetic. Previously, he was co-founder and CEO of Secdo, an
incident response platform vendor acquired by Palo Alto Networks, and CEO of
Integrity-Project, a software outsourcing company acquired by Mellanox. Shai
also served for 10 years as an officer in senior product development and
management roles with the Intelligence Unit of the Israel Defense Forces.